Objectives for managing cyber supply chain risk
Abstract

Cyber-based products and services are acquired through supply chains that typically involve numerous suppliers of hardware, firmware and software components and services sourced globally. When acquisition objectives and their concomitant requirements are not rigorously defined and managed, the cyber-based products and services can pose operational risks to end user organizations and possibly to society if security, reliability and/or safety are compromised, especially in critical infrastructure sectors. However, there is some disagreement about the fundamental objectives of cyber supply chain risk management. Objectives such as trustworthiness, integrity, security and reliability are often noted as key, while safety and other objectives are often omitted. Divergent guidance further compounds the difficulties encountered by an acquiring organization in writing meaningful requirements or policies for managing supply chain risk – whether from products and services, or to the operation of the supply chain, or to sensitive supply chain information. This paper recommends a set of objectives for cyber supply chain risk management and examines the connotations of each objective with the intent to improve risk coverage. It then examines the tradeoffs among the various objectives that acquirers and suppliers make and the trust assumptions that can result in risk exposure. Awareness of the tradeoffs and the degree to which organizations value one objective over another helps clarify their risk tolerance or risk appetite and enables them to apply appropriate management controls.
Windelberg, Marjorie (author)
2015-11-11
8 pages
Article (Journal)
Electronic Resource
English